V723. Function returns a pointer to the internal string buffer of a local object, which will be destroyed.


The analyzer has detected an issue when a function returns a pointer to the internal string buffer of a local object. This object will be automatically destroyed together with its buffer after leaving the function, so you won't be able to use the pointer to it. The most common and simple code example triggering this message looks like this:

const char* Foo()
{
  std::string str = "local";
  return str.c_str();
}

In this code, the Foo() function returns a C-string stored in the internal buffer of the str object which will be automatically destroyed. As a result, we'll get an incorrect pointer that will cause undefined behavior when we try to use it. The fixed code should look as follows:

const char* Foo()
{
  static std::string str = "static";
  return str.c_str();
}

According to Common Weakness Enumeration, potential errors found by using this diagnostic are classified as CWE-416.


Bugs Found

Checked Projects
364
Collected Errors
13 504